Organizations that allow wireless access for computer communications or networking need to focus on how best to protect wireless connections. This includes protecting the data that is transmitted over wireless networks.
Controls need to be implemented to manage how networks, systems, and applications are accessed using wireless technologies. Managing wireless access is the focus of pitfall #37 in my eBook, Security Program Pitfalls and Prescription to Avoid Them.
Usage restrictions, configuration requirements, and implementation guidance should be established for all wireless access and wireless networking activities within your organization. Wireless access for users should be authorized prior to allowing wireless connections to be made. This needs to be performed in accordance with the Access Control Policy adopted by your organization. Wireless access to systems and applications should be protected using authentication of users or approved devices. Wireless network capabilities embedded within system components should be disabled when not they are not intended to be used. This should occur prior to their implementation into the production environment.
Your organization should implement processes to test for the presence of wireless access points. These tests should be performed at least quarterly. The testing process should detect and identify all authorized and unauthorized wireless access points. Network scanning tools should be configured to detect unauthorized wireless points connected to the organization’s wired networks. Additionally, your organization should consider using a wireless intrusion detection system (WIDS) to alert security and IT personnel when unauthorized wireless activity or potential intrusions occur on the organization’s networks.
A separate wireless network (e.g., guest wireless network) should be created for personal or untrusted devices. Enterprise access from this segregated network should be treated as untrusted. Subsequently, these connections and associated traffic should be filtered and audited accordingly with continuous vulnerability management tools.
To learn more about this pitfall, and 99 more, get my book: 100 Security Program Pitfalls and Prescriptions to Avoid Them (available on Amazon here). Or register for a demo of the ASCENT Security and Compliance Portal and get a free synopsis of the 100 Security Program Pitfalls eBook today.